Contact Form being Hi-jacked - HELP!

[fisher318]

Hello,

I have two websites that i have noticed it appears that the contact form is being hi-jacked. I get 10-12 emails in a row from that contact form with bogus email addresses in every field.

How can I tell for sure if the form is being hi-jacked and also, is there an easy way for a non-programmer to make the form more secure?

Thanks in advance for any help anyone can offer.

[nottheusual1]

That may not be the issue. There are known exploits for FrontPage extensions (older versions) that allow the hijacking of a server via a malformed form input.

What you may be seeing is the occasional errant script-kiddy checking your site for this vulnerability. I wouldn't worry about it, unless you are running an older version of the Frontpage extensions, that is.

We see this on every server a few times a week but don't pay any mind to it - we even see it on sites not using the FP extensions, so the bot's being used to look for the vulnerability aren't that smart, either.

Also, if you are running them, but never use them, it is much preferred to disable the extensions completely. Even most *nix servers have them installed.

[fisher318]

Thanks for the help. So can I assume that by disabling front page extensions on the server accounts, that my sites are pretty much protected from form hi-jacking?

However, the interesting thing, is that I didn't have front page extensions enabled, so then that would have just been a result of them checking my form for vulnerabilities rather than actually utilizing it for spam, correct?

[nottheusual1]

Well.... At least from that potential vulnerability.

You should also do a few other things, like maybe running php_suexec, but not every machine is the same. If you are running certain software, some easy fixes will break other things. As an example, you can't run MMCache, certain image gallery programs, etc., with php_suexec because it forces PHP to run as a CGI binary.

This would be a good discussion to have with one of the more knowledgeable admins at your host or NOC. Ask about basic stuff like basic server hardening and making sure that visitors can't inject things into your PHP forms and results. This is pretty 101 stuff from the admin end, so it shouldn't be a hard thing for them to help out with.

[fisher318]

Ok, I will. Thanks for the help!